From: Marco Felsch <m.felsch@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: Marco Felsch <m.felsch@pengutronix.de>
Subject: [PATCH 00/23] Improve OP-TEE handling
Date: Mon, 10 Nov 2025 21:34:40 +0100
Message-ID: <20251110-v2025-09-0-topic-optee-of-handling-v1-0-8f0625ac5471@pengutronix.de>

Hi,

by this patchset I want to improve the current barebox OP-TEE handling.
Currently there are many paths which do all have their own pitfalls.

 - ARM (i.MX6, i.MX6UL(L)):
   - bootm OP-TEE loading (deprecated)
   - early boot loading:
     Barebox and OP-TEE make use of a 'magic' FDT memory location, which
     was used by OP-TEE to pass information like 'reserved-memory' nodes
     and the used firmware interface and the psci node.

     Barebox doesn't pass the builtin FDT which could be used by OP-TEE
     to determine the memory setup.

 - ARM64 (i.MX8M, i.MX93, Rockchip):
   - early boot loading via BL2
     Barebox doesn't make use of the 'magic' FDT memory location and
     instead uses Kconfig options which need to be in sync with the
     OP-TEE config switches during compile time to configure the
     'reserved-memory' nodes and firmware interface.

     Barebox doesn't pass the builtin FDT which could be used by OP-TEE
     to determine the memory setup.

 - RISC-V
   - no OP-TEE support yet

By this patchset I want to implement a common flow, while keeping the
backward compatibility. The common bootflow shall be:

 - BL2:
   - opt. extracts the builtin DTB into a buffer
   - passes the DTB to OP-TEE via arch dependent boot arguments.

 - OP-TEE
   - uses the DTB to gather information like memory setup
   - can dyn. configure the TZC accordingly
   - provides information back to barebox via DTB overlay fragments
     (added to the provided DTB (details..)). This can be
     'reserved-memory' nodes, OP-TEE call-interface (smc), or secure HW
     configurations (like CAAM secure-jobrings)

 - BL33 (pbl)
   - extracts the information from OP-TEE and registers it via a well
     known handoff data ID for barebox proper.

 - BL33 (proper)
   - the common barebox proper boot path checks for a specific
     handoff-id and registers the OF overlay as early as possible during
     boot.

BL2, OP-TEE and BL33 (pbl) are architecture dependent steps for which
common helpers are added by this patchset.

BL33 (proper) is common to all and addressed by this patchset as well.

The patchset targets the i.MX8M platforms, other platforms need to be
converted later on.

Regards,
  Marco

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Marco Felsch (23):
pbl: compressed-dtb: add missing includes
pbl: fdt: fix fdt_fixup_mem error handling
ARM: atf: add missing includes in atf_common.h
ARM: i.MX8M: add support to pass DT via imx8m{m,n,q,p}_load_and_start_image_via_tfa()
ARM: i.MX8M: cosmetic cleanup
ARM: i.MX8M: move BL32 setup into imx8m_tfa_start_bl31()
ARM: i.MX8M: imx8m_tfa_start_bl31() add support for bl33 and fdt
pbl: decomp: add pbl_dtbz_uncompress helper
pbl: fdt: add pbl_load_fdt helper
ARM: i.MX: scratch: add FDT support
ARM: i.MX8M: esdctl: drop ddrc base from imx8m_ddrc_sdram_size
ARM: i.MX8M: esdctl: export imx8m_ddrc_sdram_size()
ARM: i.MX8M: add support to pass BL3x bl_params
ARM: i.MX: scratch: add OP-TEE FDTO support
pbl: string: add strncmp
pbl: fdt: add fdt_copy_node helper
handoff-data: Add BL32_DT_OVL entry
security: optee: add optee_extract_fdto helper
security: optee: add helpers to apply OP-TEE FDTO
ARM: i.MX8M: Add support to extract OP-TEE provided informations
of: base: register optional OP-TEE overlay
pbl: add support to disable/remove the /secure-chosen/stdout-path
ARM: i.MX8M: remove /secure-chosen/stdout-path if requested
arch/Kconfig | 3 +
arch/arm/boards/congatec-qmx8p/lowlevel.c | 6 +-
arch/arm/boards/innocomm-imx8mm-wb15/lowlevel.c | 2 +-
arch/arm/boards/karo-qsxp-ml81/lowlevel.c | 2 +-
arch/arm/boards/mnt-reform/lowlevel.c | 2 +-
arch/arm/boards/nxp-imx8mm-evk/lowlevel.c | 15 +-
arch/arm/boards/nxp-imx8mn-evk/lowlevel.c | 11 +-
arch/arm/boards/nxp-imx8mp-evk/lowlevel.c | 2 +-
arch/arm/boards/nxp-imx8mq-evk/lowlevel.c | 2 +-
arch/arm/boards/phytec-som-imx8mm/lowlevel.c | 2 +-
arch/arm/boards/phytec-som-imx8mq/lowlevel.c | 2 +-
arch/arm/boards/polyhex-debix/lowlevel.c | 6 +-
arch/arm/boards/protonic-imx8m/lowlevel-prt8mm.c | 2 +-
arch/arm/boards/skov-imx8mp/lowlevel.c | 6 +-
arch/arm/boards/tqma8mpxl/lowlevel.c | 2 +-
.../variscite-dt8mcustomboard-imx8mp/lowlevel.c | 2 +-
arch/arm/boards/zii-imx8mq-dev/lowlevel.c | 21 +-
arch/arm/include/asm/atf_common.h | 3 +
arch/arm/mach-imx/Kconfig | 13 +
arch/arm/mach-imx/atf.c | 262 +++++++++++++--------
arch/arm/mach-imx/esdctl.c | 53 ++++-
arch/arm/mach-imx/imx9.c | 2 +-
arch/arm/mach-imx/scratch.c | 30 +++
arch/arm/mach-rockchip/rockchip.c | 3 +-
common/Kconfig | 24 ++
drivers/of/base.c | 3 +
drivers/soc/imx/soc-imx8m.c | 3 +-
drivers/tee/optee/Kconfig | 1 +
drivers/tee/optee/of_fixup.c | 46 ++++
include/compressed-dtb.h | 2 +
include/mach/imx/esdctl.h | 1 +
include/mach/imx/scratch.h | 3 +
include/mach/imx/xload.h | 16 +-
include/pbl.h | 9 +
include/pbl/handoff-data.h | 1 +
include/tee/optee.h | 17 ++
pbl/Kconfig | 11 +
pbl/console.c | 18 ++
pbl/decomp.c | 12 +
pbl/fdt.c | 187 ++++++++++++++-
pbl/handoff-data.c | 2 +
pbl/string.c | 15 ++
security/optee.c | 44 ++++
43 files changed, 708 insertions(+), 161 deletions(-)
---
base-commit: 6b59c24110434d7922e127dac22a598e0a6a23db
change-id: 20251110-v2025-09-0-topic-optee-of-handling-e9f51531c464
Best regards,
--
Marco Felsch <m.felsch@pengutronix.de>
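
In the boot flow described in the cover letter, a DTB blob is handed from BL2 to OP-TEE and back to BL33 (pbl) before its content is registered as handoff data. The following is an added example, not code from the patchset or from barebox: a minimal FDT header consistency check that a receiving stage can run before trusting the blob's size and offsets. The names handoff_fdt_size and make_sample_fdt and the sample blob are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

#define FDT_MAGIC    0xd00dfeedu
#define FDT_HDR_SIZE 40u /* struct fdt_header, format version 17 */

/* FDT header fields are big-endian 32-bit words. */
static uint32_t rd32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Block [off, off + len) must follow the header and end inside the blob. */
static int block_ok(uint32_t off, uint32_t len, uint32_t total)
{
	return off >= FDT_HDR_SIZE && off <= total && len <= total - off;
}

/* Hypothetical helper: blob size if the header is consistent and the blob
 * fits into the avail bytes of the handoff area, otherwise 0. */
size_t handoff_fdt_size(const uint8_t *buf, size_t avail)
{
	uint32_t total;

	if (!buf || avail < FDT_HDR_SIZE || rd32(buf) != FDT_MAGIC)
		return 0;
	total = rd32(buf + 4); /* totalsize */
	if (total < FDT_HDR_SIZE || total > avail)
		return 0;
	if (rd32(buf + 20) < 17 || rd32(buf + 24) > 17) /* version, last_comp */
		return 0;
	if (!block_ok(rd32(buf + 16), 0, total) ||             /* mem_rsvmap */
	    !block_ok(rd32(buf + 8), rd32(buf + 36), total) || /* struct */
	    !block_ok(rd32(buf + 12), rd32(buf + 32), total))  /* strings */
		return 0;
	return total;
}

/* Constructed sample: header plus a 4-byte struct block, no strings. */
void make_sample_fdt(uint8_t *buf, uint32_t total)
{
	/* magic, totalsize, off_struct, off_strings, off_rsvmap, version,
	 * last_comp_version, boot_cpuid_phys, size_strings, size_struct */
	const uint32_t h[10] = { FDT_MAGIC, total, 56, 60, 40, 17, 16, 0, 0, 4 };

	memset(buf, 0, total);
	for (int i = 0; i < 40; i++) /* store each word big-endian */
		buf[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
}
```

The check covers the header only; walking the structure block still needs a bounds-checked parser such as libfdt.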